ROLE OVERVIEW

Are you interested in driving exceptional security for customers and have a passion for cutting-edge technologies? Do you see information security as a business enabler?

If so, JD Sports are looking for an InfoSec Lead to join their e-commerce team. Reporting into the Technical Services Manager, the role holder will be required to uphold and maintain all security related aspects in relation to JD Sports' eCommerce systems and platforms leading a small team of security analysts along the way. In this role, you will work with cross-functional teams of technical and non-technical key stakeholders to define strategy and interpret, communicate, and drive full lifecycle security projects. You will partner with Delivery, Compliance and Engineering teams to define and document security controls. You should be technically experienced and innovative in the InfoSec, compliance, and audit spaces and have the ability to understand technical processes, be able to communicate to customers and  be able to drive innovative process changes through multiple internal teams and external stakeholders. The role will be a mixture of both office based and remote working. 
 

KEY DUTIES/RESPONSIBILITIES

• Reporting regularly to senior management and articulate the current status of our systems including updates on any key security & compliance issues that have been highlighted.
• Liaising extensively with external or internal stakeholders to see issues through to resolution.
• Liaising with stakeholders to ensure effective prioritisation of incidents based on impact and urgency.
• You will be undertaking deep analysis of log files to identify potential threats as well as tracing activities of any malicious actors.
• Using your time effectively to ensure you are keeping up to date with the latest technology and security developments.
• Research and evaluate emerging security threats and ways in which to manage or mitigate them.
• Research and keep up to date with the latest guidance from organisations such as OWASP
• Proactive planning to create runbooks and standard operating procedures (SOP’s) for various scenarios as an 'always-ready' approach.
• Arranging testing and evaluation of our existing suite of security related products including but not limited to Web Application Firewalls (WAF) and provide decision-making input in relation to any new security product the business wishes to introduce.
• Plan and organise 'play days' or 'ethical hacking days' in order to test the current protection levels and identify any weaknesses.
• Drawing up, supervising and documenting processes for the benefit of the wider team.
• Supporting users on change control and system updates to ensure best practice is followed.
• Maintain a risk register and assist with internal and external audits relating to security.
• Work closely with multiple 3rd-party suppliers to ensure any risks are understood and mitigated against.
• Offer advice and guidance to internal stakeholders to ensure best practice is always followed.
• Supporting the team and the business with events that drive significant volumes of traffic to the sites including potentially malicious bot traffic, to ensure system integrity. 

SKILLS/EXPERIENCE/KNOWLEDGE NEEDED

•    Educated to degree level in any IT related field such as Computer Science.
•    At least one InfoSec/Cyber Security related accreditation such as CISSP/ISSMP. 
•    Proven track record in an e-commerce InfoSec role with a minimum of three years experience in a senior role. 
•    Demonstrable leadership, teamwork and collaboration skills. 
•    Demonstrable track record of being results oriented, self-motivated and proactive.
•    Strong will to learn, grow and excel.
•    A passion for cyber-security and a keen interest in technology. 
•    Excellent oral and written communication skills. 
•    Ability to understand complex web and standalone applications/systems architectures involving multiple technologies. 
•    Exposure in managing and driving major security incidents and leading the retrospective actions. 
•    Previous experience with malicious bot detection and mitigation.
•    Previous experience in setting up and maintaining Web Application Firewalls
•    Hands-on experience with cloud technologies such as AWS and Azure.
•    Exposure to APM monitoring tools.